~ By Kenneth Darter
Risk management is a vital part of project management. Every project carries some element of risk. Being able to deal effectively with these risks (whether they be negative or positive) can be what makes or breaks a project in the end. The result of all risk management should be the ability to track a risk from beginning to end. Whether a project uses a formal risk process with automated tools or just a shared Excel file on a common drive, the risks must be tracked very carefully by the project management team.
The creation of the risk is the first step and oftentimes, the step in which a risk can be easily lost. Risks may come up in meetings or in emails or even in hallway conversations. The project manager needs to make sure that everyone on the project knows what a risk is and what to do when they identify a potential risk. There should be one person or team that is responsible for creating the risk and starting the tracking process once a risk has been identified by someone in the project team. While they may not see the risk as something that needs to be tracked, it should be up to the project manager and the steering committee (or other decision making body) to determine if the risk needs to be tracked and followed through the risk lifecycle.
Once a risk is created, then the project manager or designated team needs to evaluate it. Usually, this involves determining the likelihood or the probability of the risk occurring and then determining the impact of the risk on the project. There may be other evaluations called for in the Project Charter or formal risk management document. This step is important in that it helps the decision makers determine what needs to be done about the risk. Research and homework must be done by the designated person so that the evaluation will be truly useful and not just a rough estimate.
Once the creation and evaluation of the risk is done, it is time to execute the mitigation plan for the risk. Note that mitigation steps can be done for positive or negative risks. The mitigation includes any steps that the project team has decided to take in order to prevent the risk or minimise the impact of the risk. It may be that the team decided to do nothing, or it may be that there is a whole separate plan to deal with the risk with its own scope and resources beyond the original project. All of this depends upon the evaluation and the decisions made by the risk committee or stakeholders. The risk and all the mitigation steps must be monitored carefully through this entire process.
The last step in tracking the risk is to record the dispensation of the risk. Was the risk accepted or was there a mitigation plan and if there was a mitigation plan, was it successful? Along with the actions that were taken about the risk, the dispensation should include the lessons learned by the project team about the risk. That way, the next time this risk is identified or observed by the project team, they will not have to start from scratch and go through these steps.